Re: [spec-reviews] Clear Site Data (#62) from Mike West on 2015-08-17 (public-webapps-github@w3.org from August 2015)

From: Mike West <notifications@github.com>
Date: Mon, 17 Aug 2015 14:00:54 -0700
To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Message-ID: <w3ctag/spec-reviews/issues/62/131959996@github.com>

> Should this be Clear-Origin-Data?

Eh. Maybe? That seemed to rule out subdomain-spanning behaviors, though, so it's not clear to me that it's the right name for the long term.

> WRT Cookies - hm. Giving JS on subdomain.example.com the power to clear a HTTPOnly cookie for *.example.com is... interesting.

I suppose. The risk seems low if we clear out every other cookie for *.example.com as well.

Again, cookies are nuts. Paths and domains and etc. make me crazy.

> It'd be kind of unfortunate to have that special case in the spec, but it might be necessary.

Why? What risk would that special case mitigate?

---
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/issues/62#issuecomment-131959996

Received on Monday, 17 August 2015 21:01:21 UTC